https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009432#M1108616 <P>Please help me understand the following scenario.</P><P>I have a L7 application block rule in the FMC yet in the CLI that rule doesn't show a block and quite a few hits.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_0-1706647833707.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209200i6C3ED2C54ADAC738/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_0-1706647833707.png" alt="dcanady55_0-1706647833707.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_1-1706647866772.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209201i2C92F02B918070FA/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_1-1706647866772.png" alt="dcanady55_1-1706647866772.png" /></span></P><P>Then if I look at another rule in the FMC that I have setup with a block and compare that CLI output you can see there is a deny in the statement with a hit count of zero.&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_2-1706647919907.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209225i18E3ABDAD20A8435/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_2-1706647919907.png" alt="dcanady55_2-1706647919907.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_4-1706648031120.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209228i70C9AB133714D4D7/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_4-1706648031120.png" alt="dcanady55_4-1706648031120.png" /></span></P><P>Thanks,</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 20:57:00 GMT dcanady55 2024-01-30T20:57:00Z https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009432#M1108616 <P>Please help me understand the following scenario.</P><P>I have a L7 application block rule in the FMC yet in the CLI that rule doesn't show a block and quite a few hits.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_0-1706647833707.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209200i6C3ED2C54ADAC738/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_0-1706647833707.png" alt="dcanady55_0-1706647833707.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_1-1706647866772.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209201i2C92F02B918070FA/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_1-1706647866772.png" alt="dcanady55_1-1706647866772.png" /></span></P><P>Then if I look at another rule in the FMC that I have setup with a block and compare that CLI output you can see there is a deny in the statement with a hit count of zero.&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_2-1706647919907.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209225i18E3ABDAD20A8435/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_2-1706647919907.png" alt="dcanady55_2-1706647919907.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dcanady55_4-1706648031120.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/209228i70C9AB133714D4D7/image-size/medium?v=v2&amp;px=400" role="button" title="dcanady55_4-1706648031120.png" alt="dcanady55_4-1706648031120.png" /></span></P><P>Thanks,</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 20:57:00 GMT https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009432#M1108616 dcanady55 2024-01-30T20:57:00Z https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009494#M1108623 <P>What you see in the CLI is the LINA access rule.&nbsp; In the first access rule where you are blocking Bittorrent, the inspection and eventual drop will be done in SNORT, there for the LINA needs to permit the traffic so it will be forwarded to SNORT.</P> <P>In the second access rule you are blocking all traffic and therefor there is not need for traffic to go to SNORT and it will be dropped on LINA.</P> Tue, 30 Jan 2024 22:54:02 GMT https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009494#M1108623 Marius Gunnerud 2024-01-30T22:54:02Z https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009501#M1108625 <P>If the IP's for same traffic then&nbsp;</P> <P>First policy make traffic pass ACP l3/l4 and forward to snort for inspection'&nbsp;</P> <P>Second make traffic (same one) inspect by ACP l7 in Snort.</P> <P>MHM</P> Tue, 30 Jan 2024 23:17:39 GMT https://community.cisco.com/t5/network-security/ftd-cli-acp-vs-fmc-acp/m-p/5009501#M1108625 MHM Cisco World 2024-01-30T23:17:39Z